ef98f2d2d5d24d32cabeda72f534dae2ce12620d749b6716aec2d1641e10227c

Sharing

Copy URL Twitter E-mail

General

Target

ef98f2d2d5d24d32cabeda72f534dae2ce12620d749b6716aec2d1641e10227c
Size

1.5MB
MD5

96437b5e589315c4af876b02d2528d68
SHA1

a2a045ffa588b3348cb7304ce83cd39e11eabd90
SHA256

ef98f2d2d5d24d32cabeda72f534dae2ce12620d749b6716aec2d1641e10227c
SHA512

8a4d7e95b502af0a870e7b6129c5dda32bbd7226af979d94028b56c768a85803f73cb207466cfba39a9510f228e5891cef50f3092cc9b30c858e33c644358887
SSDEEP

24576:0QCviCqcNHxPwZELS6++QNQHcMbR5d2fpYVdchWKxoT4f6HkOUUmHrZCDTexr1v4:LC/l2ELSY9cMbp2B00w4f6H/mLOTexSl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef98f2d2d5d24d32cabeda72f534dae2ce12620d749b6716aec2d1641e10227c

Files

ef98f2d2d5d24d32cabeda72f534dae2ce12620d749b6716aec2d1641e10227c
.exe windows x86

480e9efe251cb4dd8092120af2f34138

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

gdiplus

GdiplusStartup
GdiplusShutdown

imm32

ImmDisableIME

kernel32

GlobalMemoryStatusEx
RaiseException
CreateMutexW
FreeLibrary
LoadLibraryW
GetLastError
GetProcAddress
CloseHandle
SetFilePointer
OutputDebugStringW
GetModuleFileNameW
CreateFileW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
GetEnvironmentVariableW
VirtualQuery
GetLogicalDriveStringsW
QueryDosDeviceW
GetUserDefaultLangID
CreateEventW
OpenEventW
InterlockedExchange
WriteFile
GlobalAlloc
ResetEvent
ResumeThread
GetTickCount
SetEvent
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
DeviceIoControl
FormatMessageW
InitializeCriticalSectionAndSpinCount
InterlockedExchangeAdd
GetFileSizeEx
lstrcpyW
lstrcatW
GetFileTime
ReadFile
SetEndOfFile
GetFileSize
SetFileAttributesW
DeleteFileW
GetWindowsDirectoryW
RemoveDirectoryW
SetCurrentDirectoryW
MoveFileW
GetCurrentDirectoryW
GetTempPathW
lstrlenW
CopyFileW
GetSystemDirectoryW
SetFileTime
CreateDirectoryW
MoveFileExW
GetTempFileNameW
GetFullPathNameW
LocalFileTimeToFileTime
GetSystemTime
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
FindNextFileW
FindClose
GlobalFree
GetProcessHeap
HeapFree
HeapAlloc
OpenProcess
GetCurrentProcess
LoadLibraryA
GetFileAttributesW
LoadLibraryExW
GetVolumeInformationW
GetDiskFreeSpaceW
GetShortPathNameW
GetFileAttributesExW
GetLongPathNameW
FindFirstFileW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TryEnterCriticalSection
ReleaseMutex
OpenMutexW
Sleep
MultiByteToWideChar
GetACP
WideCharToMultiByte
lstrcmpiW
GetSystemInfo
LockResource
GetVersionExW
LoadResource
FindResourceW
GetDriveTypeW
SearchPathW
LocalFree
WaitForMultipleObjects
GetExitCodeProcess
GetModuleHandleW
WaitForSingleObject
CreateProcessW
ExpandEnvironmentStringsW
SetLastError

advapi32

OpenServiceW
OpenSCManagerW
CloseServiceHandle
StartServiceW

msvcp120

?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
??0_Container_base12@std@@QAE@XZ
??7ios_base@std@@QBE_NXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
_Inf
_Nan
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?setf@ios_base@std@@QAEHH@Z
?setf@ios_base@std@@QAEHHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
??0_Locinfo@std@@QAE@HPBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getname@_Locinfo@std@@QBEPBDXZ
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
?rdstate@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?fail@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?_C_str@?$_Yarn@D@std@@QBEPBDXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?global@locale@std@@SA?AV12@ABV12@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
??1_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
??0id@locale@std@@QAE@I@Z
?_Xlength_error@std@@YAXPBD@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB
?_Xruntime_error@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?uncaught_exception@std@@YA_NXZ
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z

msvcr120

memmove
_purecall
??3@YAXPAX@Z
_hypot
??2@YAPAXI@Z
atoi
free
malloc
wcsrchr
realloc
??_V@YAXPAX@Z
wcschr
towlower
??_U@YAPAXI@Z
wcsstr
_vsnwprintf
towupper
_wtoi
_errno
rand
srand
_time64
fputc
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
_unlock_file
ungetc
strstr
fgetpos
_fseeki64
fflush
fgetc
fsetpos
_except1
setvbuf
_lock_file
memcpy_s
fwrite
fclose
calloc
?terminate@@YAXXZ
_wcsnicmp
sprintf
atof
_stricmp
_splitpath_s
_mktime64
_localtime64
strchr
memchr
tolower
toupper
wcsncpy
_wcsicmp
_vswprintf_c_l
sscanf
swscanf_s
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
__CxxFrameHandler3
__crtTerminateProcess
__crtUnhandledException
sprintf_s
_dtest
strpbrk
abort
modf
__iob_func
localeconv
fprintf
memcpy
memset
_wfopen_s
rewind
fread
ftell
fseek
_beginthreadex
wcstoul
isalnum
_crt_debugger_hook
_commode
_fmode
_wcmdln
_recalloc
memmove_s
_CxxThrowException
_initterm

user32

UnregisterClassW

shell32

SHGetFolderPathW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

480e9efe251cb4dd8092120af2f34138

Headers

DLL Characteristics

File Characteristics

Imports

version

gdiplus

imm32

kernel32

advapi32

msvcp120

msvcr120

user32

shell32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 236KB - Virtual size: 235KB

.data Size: 3KB - Virtual size: 14KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 62KB - Virtual size: 61KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 236KB - Virtual size: 235KB

.data
Size: 3KB - Virtual size: 14KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 62KB - Virtual size: 61KB